CD & GitOps Features

CD Pipeline Features

Pipelines as Code / Configuration as Code

Harness provides seamless integration between your Harness projects, pipelines, and resources and your Git repos. With Harness Pipelines as Code, you can work entirely from Git and can synchronize your pipeline configurations with Git and keep them up to date. Store and retrieve Harness configurations to/from Git, and change Harness configuration just by changing the YAML files in Git.

Comprehensive APIs

Harness provides well-documented REST APIs for automation across our entire platform, including onboarding new teams and projects at scale. Our APIs enable you to automate and manage your end-to-end workflow, and integrate Harness into your existing tooling.

Visual Pipeline Builder with built-in YAML editor

The Pipeline Studio includes visual and YAML editors. Everything you can do in the visual editor you can also do in YAML. Plus, the YAML editor validates YAML before allowing you to save it. ​​The best way to get started with YAML is to do a CI Quickstart or CD Quickstart and then view the YAML in Pipeline Studio.

Continuous Verification

The more often you deploy software, the more you need to validate the health of newly deployed service instances. Harness provides an AI/ML-driven verification capability that automatically validates deployment quality to reduce risk and provides a safety net when code is deployed to production. Integrations include Prometheus, Splunk, Google Cloud Operations, Datadog and other applications. Harness also includes a verify pipeline step, which uses machine learning to identify normal behavior for your applications. Harness can then identify and flag anomalies in future deployments, and to perform automatic rollbacks.

Pipeline Parametrization

You can use values files for Kubernetes and Helm deployments in Harness. Harness supports Kubernetes and Helm charts without requiring Helm or Tiller, and Kubernetes and Helm have equal support for all Harness deployment strategies. With this feature, you can add values files, override them at the service and environment, and override them at pipeline runtime.

Smart Pipeline Triggers (with customizable webhook-based execution)

Triggers are used to initiate the execution of pipelines. Within Harness, pipelines can be triggered using Git event payload conditions or Git events on a new artifact or on a new Helm Chart. For all Git providers supported by Harness, the webhook is created in the repo automatically. You don't need to copy it and add it to your repo webhooks.

Pipeline Notifications

You can send pipeline event notifications using email and popular communication and incident management platforms, so teams are always informed of relevant pipeline events. Event notifications are set up using notification rules in your pipeline. You select the types of events to send, and then select how you want to send notifications. When those events occur, Harness sends event information to those channels and recipients.

Pipeline Scheduling

Harness provides a great deal of flexibility for pipeline scheduling. You can schedule pipelines using Cron-based triggers, so they run regularly on a day and time, such as Mondays at 9 am. Users can also schedule a pipeline to run once on a specific day and time, such as on May 4, 2022 at 10 pm.

Unified Pipeline with Harness CI

In Harness pipelines, users can visually model build and test processes as CI stages. Each stage includes steps for building, testing, and pushing code. Harness CI simplifies CI pipelines, enabling users to model stages visually and automate processes of building and testing software.

GitOps-as-a-Service

Pull Request Pipelines

Pull request pipelines, also known as wave deployments, add a layer of orchestration on top of standard GitOps deployments, making it easy to propagate changes across multiple services and environments without having to individually manage each deployment.

Fully Managed GitOps

Harness GitOps-as-a-Service is a hosted solution that reduces the maintenance overhead of managing numerous GitOps implementations. Instead of installing instances of an open-source solution and maintaining the infrastructure it runs on, GitOps-as-a-Service hosts and manages everything.

Centralized Dashboards

Harness provides a centralized control center that allows your teams to view and manage GitOps-based deployments across all of your environments in a single, unified view. Your teams can access granular service and environment health information, and even trigger rollbacks (to any previous Git commit) when challenges are detected. We also provide the ability to create custom Looker-based dashboards to meet your business’s specific visualization needs.

Bring your own Argo CD Instances

Harness makes migration from other Argo CD deployments into GitOps-as-a-Service fast and easy - no need to recreate Argo CD-based deployments from scratch. GitOps-as-a-Service lets existing Argo CD users import their instance configurations into Harness, enabling users to access the benefits of our enterprise-class features without forcing users to start from scratch.

Drift Detection

Harness GitOps-as-a-Service automatically detects differences between code running in clusters and the code stored in a Git repository. If discrepancies are found, Drift Detection is able to automatically trigger an application sync to correct those differences.

Application Sync

GitOps-as-a-Service syncs changes made in Git with clusters running in environments. This ensures that your deployments match the desired state based on recent code changes and the application configuration is the same as what is stored in Git.

Comprehensive APIs

Harness provides well-documented REST APIs for automation across our entire platform, including onboarding new teams and projects at scale. Our APIs enable you to automate and manage your end-to-end workflow, and integrate Harness into your existing tooling.

Deployment Strategies

Built-in deployment strategies for Canary, Blue-Green, Rolling Updates

Unlike other software delivery solutions, Harness doesn't require additional scripting to perform deployment strategies that safeguard application uptime. Harness provides built-in support for a broad range of deployment strategies enabling you to select what’s appropriate for your deployment need.  

  • Canary deployments can be customized to deploy code changes to specified nodes. 
  • Blue-green deployments switch traffic between environments. 
  • Rolling deployments methodically release application changes.

These strategies mitigate downtime risk by slowly releasing changes across environments and allowing for easier rollbacks.

Automated Rollbacks & Failure Strategies

Harness reduces downtime risk by providing different failure strategies. Harness can automatically rollback problematic deployments and deploy the last successful artifact into production, or Harness can notify users about failed deployments and allow them to make the decision on rolling back. Depending on your desired behavior, Harness has the right solution for handling failures once software is deployed to production.

Deployment Freeze

There are certain time periods where deploying software introduces an unacceptable level of risk ( e.g. Black Friday, Cyber Monday, or times when other peak events could create peak stress levels for your deployments). Harness allows users to schedule deployment freeze windows that prevent deployments from occurring during specified time periods. These defined freeze windows are able to impose the following restrictions:

  • Deployments cannot be started manually or using a trigger.
  • Active deployments are allowed to complete.
  • During execution if a pipeline hits a stage with an environment that has a deployment freeze enabled, then the pipeline gets rejected. You can resume the rejected pipelines from the previous state once the deployment freeze window is over.
  • If the first stage of a pipeline (or a workflow) uses an environment that has a deployment freeze enabled, then you need to wait for the deployment freeze window to be over before triggering the deployment.

Deployment Platforms

Harness is a cloud-agnostic software delivery platform that orchestrates deployments across any environment. Harness CD & GitOps can assist companies in deploying traditional applications, and cloud native – including containers and serverless, while simultaneously assisting teams migrating to the cloud, and can facilitate a migration between clouds.

Kubernetes
Helm

Amazon ECS

Azure Kubernetes Service

Azure Web App

Tanzu Application Services (Pivotal Cloud Foundry/PCF)

Amazon Lambda

Amazon AMI

Azure VMSS

IIS (.NET)

Traditional SSH

Custom Deployments

Administration

Comprehensive APIs

Harness provides well-documented REST APIs for automation across our entire platform, including onboarding new teams and projects at scale. Our APIs enable you to automate and manage your end-to-end workflow, and integrate Harness into your existing tooling.

Built-in User Management & Authentication

Harness provides built-in access control features including authentication, authorization and auditing. It also allows you to enforce password policies, such as password strength, periodically expiring passwords, and enforcing two-factor authentication.

Data Retention (6 months)

Data retention policies depend on the Harness product and plan you are using. For example, Harness CD and CCM have different data retention policies. If you require a longer retention period for legal discoveries or other reasons, you can request one by contacting us.

Service & Infrastructure dashboards

Harness Continuous Deployments (CD) provides DORA and other advanced metrics for Deployments and Services.  You can measure Deployments and Services within the CD module and using the Harness Platform Dashboards. Platform Dashboards also let you create highly advanced custom dashboards.

Provisioning Users with Okta (SCIM)

Harness makes it easy to provision users with Okta. By using Okta as your identity provider, you can efficiently provision and manage users in your Harness Account, Org and Project. Harness' SCIM integration enables Okta to serve as a single identity manager, for adding and removing users, and for provisioning User Groups. This is especially efficient for managing many users.

Provision Azure AD Users and Groups (SCIM)

By using Azure AD as your identity provider, you can efficiently provision and manage users in your Harness Account, Org and Project. Harness' SCIM integration enables Azure AD to serve as a single identity manager, for adding and removing users, and for provisioning User Groups. This integration makes it more efficient when managing large numbers of users.

Provision Users and Groups with OneLogin (SCIM)

You can use OneLogin to provision users and groups in Harness. Harness' SCIM integration enables OneLogin to serve as a single identity manager for adding and removing users. This is especially efficient for managing large numbers of users.

Multiple Projects

Manage multiple projects for business units or divisions easily in Harness. Harness Organizations (Orgs) allow you to group projects that share the same goal. A Harness Project is a group of Harness modules and their Pipelines. You can add an unlimited number of Harness Projects to an Org. All Projects in the Org can use the Org's resources.

Multiple Organizations

Create organizations and add collaborators to it. Then these organizations can easily work on projects together.

Custom Dashboarding

Create custom dashboards to access just the information you need. The Dashboard allows you to organize, explore, and present structured data logically. You can use this data to improve deployments and to inform and improve your operations and business decisions.

Templates Library

Harness enables you to add Templates to create re-usable logic and Harness entities such as  Steps, Stages, and Pipelines in your Pipelines. You can link these Templates in your Pipelines or share them with your teams for improved efficiency. These templates enhance developer productivity, reduce onboarding time, and enforce standardization across the teams that use Harness.

Single Sign-On (SSO) with LDAP

Harness supports Single Sign-On (SSO) with LDAP implementations, including Active Directory and OpenLDAP. Integrating Harness with your LDAP directory enables you to log your LDAP users into Harness as part of Harness' SSO infrastructure. Once you integrate your Harness account with LDAP, you can create a Harness User Group and sync it with your LDAP directory users and groups. Then the users in your LDAP directory can log into Harness using their LDAP emails and passwords.

Security

Single Sign-On (SSO) with OAuth 2.0

Harness supports Single Sign-On (SSO) with OAuth 2.0 identity providers, such as GitHub, Bitbucket, GitLab, LinkedIn, Google, and Azure. These integrations allow you to use an OAuth 2.0 provider to authenticate your Harness Users. Once OAuth 2.0 SSO is enabled, Harness Users can simply log into Harness using their GitHub, Google, or other provider's email address.

Single Sign-On (SSO) with SAML

Harness supports Single Sign-On (SSO) with SAML, integrating with your SAML SSO provider so you can log your users into Harness as part of your SSO infrastructure.

Single Sign-On (SSO) with LDAP

Harness supports SSO with LDAP implementations, including Active Directory and OpenLDAP. Integrating Harness with your LDAP directory enables you to log your LDAP users into Harness as part of Harness' SSO infrastructure. Once you integrate your Harness account with LDAP, you can create a Harness User Group and sync it with your LDAP directory users and groups. The users in your LDAP directory can then log into Harness using their LDAP emails and passwords.

Two-Factor Authentication (2FA)

Harness provides support for 2FA throughout the Harness Software Delivery Platform, with enforcement both at the individual user account level and at the account-wide (all accounts) level. 2FA setup with Harness is easy, using a smartphone-based process using QR codes for initial setup and username/password for all subsequent logins once configured.

IP Address Whitelist Management

Harness provides the ability for their administrators to control what systems Harness users can access within their environments.

Secrets Management

Harness includes a built-in Secret Management feature that enables you to store encrypted secrets, such as access keys, and use them in your Harness Connectors and Pipelines. Integrated managers include AWS KMS, HashiCorp Vault, Azure Key Vault, Google KMS, and AWS Secrets Manager.

Integration with Harness Security Testing Orchestration (STO)

With Harness STO, you can automatically run the right security scanners at the right stages of the pipeline (shift-left security) to deliver secure applications faster and minimize business risk.

Log Sanitization

Harness sanitizes deployment logs and any script outputs to mask text secret values. For text and file secrets, the secrets are stored in the Secrets Manager you select. When a text secret is displayed in a deployment log, Harness substitutes the text secret value with asterisks (*) so that the secret value is never displayed.

Audit Trail (2 years data retention)

Harness Audit Trails provide the visibility needed to meet organizational governance needs and prepare for external audits. With Harness Audit Trails, you can view and track changes to your Harness resources within your Harness account with data stored from up to two years prior. Without this data, developers are forced to manually compile information for audits.

Governance 

Policy Based Governance (OPA)

Harness Policy as Code is a centralized policy management and rules service that leverages the Open Policy Agent (OPA) to meet compliance requirements across software delivery and enforce governance policies. Policies are written as declarative code, so they are easy to understand and modify, enabling teams to have autonomy over their processes with oversight and guardrails in place to prevent them from straying from standards.

RBAC (Role based Access Control) - Built in Roles and Custom Roles

Harness provides fine-grained RBAC to enforce separation of duties and control what user groups are granted access to specific resources based on assigned roles. This allows businesses to protect their data and key business processes through company-set rules and roles. Built-in roles are available by default to quickly create the desired permissions at the account, organization, and project level within Harness, as well as the ability to create custom roles for additional flexibility based on business needs that fall outside of the scope provided by default roles.

Pipeline Governance

Harness Pipeline Governance measures how compliant your CI/CD pipelines are compared to your regulatory and operations standards. As a deployment pipeline is triggered within Harness, the deployment can require approval before releasing to production based on a “score” that indicates how compliant a given pipeline is before approving - this “score” is made up of individual weighted tags that, together, determine the level of compliance.

Audit Trail (2 years data retention)

Harness Audit Trails provide the visibility needed to meet organizational governance needs and prepare for external audits. With Harness Audit Trails, you can view and track changes to your Harness resources within your Harness account with data stored from up to two years prior. Without this data, developers are forced to manually compile information for audits.

Hosting

Harness provides a flexible hosting model that allows for full SaaS implementations, full on premise implementations, and hybrid implementations. These flexible models allow companies with a variety of security requirements to use Harness CD & GitOps.

Hosting includes:

  • Self-Managed
  • SaaS
  • Zero Touch Maintenance (Nothing to Install/Upgrade)
  • Automatic Horizontal Scaling & High Availability
  • Automatic Backups & Disaster Recovery
  • SLA guarantee

Support

Community
Those using open source and source-available products from Harness can access community.harness.io to leverage our community-supported knowledge base contributed to by both Harness staff and Harness users.

Standard
Harness standard support, included for all Harness customers on a paid contract, includes coverage from 9am to 5pm Monday through Friday, with response times indicated in the table below based on the severity of the need. Support entitlements are provided for two named admins for each customer.

Premier
Harness standard support, included for all Harness customers on a paid contract, includes coverage 24 hours a day, 7 days a week, with response times indicated in the table below based on the severity of the need. Also included at the Premier support level are Zoom-based communication as well as post-incident reports. Support entitlements are provided to all customer staff.